[SCM] KDE Development Platform Libraries module packaging branch, wheezy, updated. debian/4.8.4-4-9-g79a6825
Maximiliano Curia
maxy at alioth.debian.org
Mon May 13 16:23:38 UTC 2013
Gitweb-URL: http://git.debian.org/?p=pkg-kde/kde-sc/kde4libs.git;a=commitdiff;h=79a6825
The following commit has been merged in the wheezy branch:
commit 79a6825ba78d7f4cd67d370684120b2f4c12f344
Author: Maximiliano Curia <maxy at debian.org>
Date: Mon May 13 17:13:12 2013 +0200
Fix for CVE-2013-2074, do not print passwords. (#707776)
backport upstream commit 65d736dab592bced4410ccfa4699de89f78c96ca
---
debian/changelog | 10 +++++-
debian/patches/series | 1 +
...ream_cve-2013-2074-do-not-print-passwords.patch | 32 ++++++++++++++++++++
3 files changed, 41 insertions(+), 2 deletions(-)
diff --git a/debian/changelog b/debian/changelog
index 454fd8b..2a99ecf 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,4 +1,4 @@
-kde4libs (4:4.8.4-5) UNRELEASED; urgency=low
+kde4libs (4:4.8.4-4+wheezy1) stable; urgency=medium
[ Lisandro Damián Nicanor Pérez Meyer ]
* Fix typo in previous changelog entry (Closes: #692398).
@@ -20,7 +20,13 @@ kde4libs (4:4.8.4-5) UNRELEASED; urgency=low
upstream_install-kmailservice-ktelnetservice-in-the-bindir.patch.
(Closes: #693413). Adjust debian/kdelibs5-plugins.install accordingly.
- -- Debian Qt/KDE Maintainers <debian-qt-kde at lists.debian.org> Sat, 27 Oct 2012 17:04:46 -0300
+ [ Maximiliano Curia ]
+ * Backport upstream commit 65d736dab592bced4410ccfa4699de89f78c96ca to fix
+ CVE-2013-2074: prints passwords contained in HTTP URLs in error messages;
+ patch upstream_cve-2013-2074-do-not-print-passwords.patch,
+ thanks to Salvatore Bonaccorso <carnil at debian.org> (Closes: #707776)
+
+ -- Debian Qt/KDE Maintainers <debian-qt-kde at lists.debian.org> Mon, 13 May 2013 17:01:04 +0200
kde4libs (4:4.8.4-4) unstable; urgency=low
diff --git a/debian/patches/series b/debian/patches/series
index 4a45fc4..db70629 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -30,3 +30,4 @@ upstream_Fix-parsing-of-the-Keywords-key-in-.desktop-files-no.patch
upstream_Temp-services-don-t-have-details-so-assume-they-supp.patch
upstream_Fix-KDirLister-forgetting-to-watch-a-directory-after.patch
upstream_install-kmailservice-ktelnetservice-in-the-bindir.patch
+upstream_cve-2013-2074-do-not-print-passwords.patch
diff --git a/debian/patches/upstream_cve-2013-2074-do-not-print-passwords.patch b/debian/patches/upstream_cve-2013-2074-do-not-print-passwords.patch
new file mode 100644
index 0000000..3d98a47
--- /dev/null
+++ b/debian/patches/upstream_cve-2013-2074-do-not-print-passwords.patch
@@ -0,0 +1,32 @@
+commit 65d736dab592bced4410ccfa4699de89f78c96ca
+Author: Grégory Oestreicher <greg at kamago.net>
+Date: Wed May 8 23:16:00 2013 +0200
+
+ Don't show passwords contained in HTTP URLs in error messages
+ BUG: 319428
+
+diff --git a/kioslave/http/http.cpp b/kioslave/http/http.cpp
+index 2d139a9..129fc7b 100644
+--- a/kioslave/http/http.cpp
++++ b/kioslave/http/http.cpp
+@@ -3056,7 +3056,7 @@ try_again:
+ ; // Ignore error
+ } else {
+ if (!sendErrorPageNotification()) {
+- error(ERR_INTERNAL_SERVER, m_request.url.url());
++ error(ERR_INTERNAL_SERVER, m_request.url.prettyUrl());
+ return false;
+ }
+ }
+@@ -3072,9 +3072,9 @@ try_again:
+ // Tell that we will only get an error page here.
+ if (!sendErrorPageNotification()) {
+ if (m_request.responseCode == 403)
+- error(ERR_ACCESS_DENIED, m_request.url.url());
++ error(ERR_ACCESS_DENIED, m_request.url.prettyUrl());
+ else
+- error(ERR_DOES_NOT_EXIST, m_request.url.url());
++ error(ERR_DOES_NOT_EXIST, m_request.url.prettyUrl());
+ return false;
+ }
+ } else if (m_request.responseCode >= 301 && m_request.responseCode<= 303) {
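Review bot: `prettyUrl()` in the three rewritten `error()` calls (ERR_INTERNAL_SERVER, ERR_ACCESS_DENIED, ERR_DOES_NOT_EXIST) removes the password but, as far as I know, keeps the user name and the full query string, so a credential or token carried in the query would still appear in the error text. A short comment at the first call would record the limit of the fix, for example `// prettyUrl() omits the password only; user name and query are still shown`. The hunks show only these three call sites, so it is worth checking that no other user-visible message or debug output in http.cpp is still built from `m_request.url.url()`. The enclosing function starts before and continues after both hunks, so the surrounding error paths cannot be checked from here.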
--
KDE Development Platform Libraries module packaging